05-01-2013 06:16 PM - edited 03-04-2019 07:47 PM
I have a host in my network that I would like to allow to reach all local resources, but only one public IP address. I have been reading about access lists but I am getting confused with the "source wildcard bits". For the sake of this example, I want the host to be able to access 10.0.0.0/8 and a single public IP address of 8.8.8.8. Can someone please show me the config for this?
I do not want my host to be able to reach any other IP addresses.
Thank you very much in advance!
05-01-2013 08:24 PM
ip access-list extended any_name or number_b/w (100-199)
 permit ip host x.x.x.x 10.0.0.0 0.255.255.255
 permit ip host x.x.x.x host 8.8.8.8
 deny ip any any log
We need to apply this ACL for it to take effect.
For example, if Fa0/1 is the LAN interface, then:
int fa0/1
 ip access-group acl_name or number_b/w (100-199) in
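Added example (not part of the original answer): a Python model of how the wildcard bits in the ACL above are compared, run over constructed packets with 192.168.1.50 assumed in place of x.x.x.x. It also shows that any other host entering the same interface falls through to the final deny.

```python
import ipaddress

def wildcard_for(prefix_len):
    """Wildcard mask is the bitwise inverse of the netmask: a 1 bit means "don't care"."""
    return str(ipaddress.ip_address((1 << (32 - prefix_len)) - 1))

def matches(addr, base, wildcard):
    """Only the bits where the wildcard is 0 have to be equal."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(addr)) & care) == (int(ipaddress.ip_address(base)) & care)

HOST = "192.168.1.50"  # assumed stand-in for x.x.x.x in the answer

# (action, source, source wildcard, destination, destination wildcard)
# "host A" is shorthand for "A 0.0.0.0"; "any" is "0.0.0.0 255.255.255.255".
ACL = [
    ("permit", HOST, "0.0.0.0", "10.0.0.0", wildcard_for(8)),
    ("permit", HOST, "0.0.0.0", "8.8.8.8", "0.0.0.0"),
    ("deny", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]

def evaluate(src, dst, acl=ACL):
    """Entries are checked top-down and the first match decides."""
    for action, s, s_wild, d, d_wild in acl:
        if matches(src, s, s_wild) and matches(dst, d, d_wild):
            return action
    return "deny"  # implicit deny at the end of every ACL

if __name__ == "__main__":
    # Constructed test packets (source, destination)
    packets = [
        (HOST, "10.20.30.40"),            # inside 10.0.0.0/8
        (HOST, "8.8.8.8"),                # the one allowed public address
        (HOST, "8.8.4.4"),                # any other public address
        ("192.168.1.51", "10.20.30.40"),  # a different host on the same interface
    ]
    print("10.0.0.0/8 as a wildcard:", wildcard_for(8))
    for src, dst in packets:
        print(f"{src} -> {dst}: {evaluate(src, dst)}")
```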
05-07-2013 03:05 AM
This worked. I ended up changing the ACL a bit, but yours did work.
Thank you!